1. Field of the Invention
The present invention relates to data storage, and, more particularly, to access control technology for secure data storage whereby the data is protected from unauthorized access.
2. Description of the Related Art
It is known that data is a valuable corporate asset that needs to be protected from unauthorized access. Access control technologies prevent users from accessing data without permission. Known technologies include zoning and LU masking, such as those disclosed in WO 0055750 A1 and U.S. Pat. No. 6,684,209 B1, respectively, which limit access to a certain data volume or storage system to specific hosts. Operating systems for computer systems are also equipped with user privilege management functions.
However, these prior art systems leave security gaps that such access controls cannot close. For example, even when a storage system is protected by access control mechanisms, data copied to tapes or remote storage systems may be subject to breach, or the tapes or magnetic disks themselves may be physically stolen.
One reason such incidents happen is that access control is enforced by many components, such as clients, servers, switches and storage systems. Even when a storage system allows access only to authenticated servers, security can be ineffective if even one of those servers does not securely manage user privileges. For example, devices such as switches, which sit between hosts and storage systems, can convert data coming out of the storage systems. However, if an attempt is made to monitor every switch, there will be a large number of devices to manage as well as a large amount of data, which would make storage area network (SAN) fabric management very complex. This also increases the burden placed upon administrators, who must configure security for numerous devices. In addition, such an approach requires encryption of all of the data stored in the storage systems, so that data is not unexpectedly exposed under the default setting, which increases the risk that the original data will be lost if the key and algorithm information is lost.
Another reason for security breaches is that those who can access volumes containing confidential data often do not need to see the contents of that data. For example, a storage administrator who configures a remote copy of data from a storage system to a tape need not understand the meaning of the data created by business applications. To avoid such unnecessary security gaps, all of the data leaving a storage system needs to be secured unless otherwise authorized.
WO 2002093314 A2 discloses an encryption-based security system for network storage in which a device sits between a host and a storage system and intercepts the communications between them. The device encrypts data on its way down to the storage system and decrypts it on its way up to the host, so that all of the data inside the storage system is encrypted.
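The in-line encrypting device described above, as an added example in Go (not code from the cited patent): a proxy that seals each block with AES-GCM on the write path and opens it on the read path, so the backing store, and any tape copied from it, holds only ciphertext. The map-backed store, the block addresses and the key used in the usage below are constructed values; the example also illustrates the earlier caveat that once the key is lost the stored data is unrecoverable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// rawStore stands in for the storage system (or a tape copied from it): it keeps
// whatever bytes it is handed, keyed by block address (constructed for this example).
type rawStore map[uint64][]byte
// cryptoProxy is the in-line device: the host talks to it, it talks to rawStore.
type cryptoProxy struct {
	aead  cipher.AEAD
	store rawStore
}
func newCryptoProxy(key []byte, store rawStore) (*cryptoProxy, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &cryptoProxy{aead: aead, store: store}, nil
}
// Write encrypts on the way down to storage. The block address is bound as
// associated data, so a record copied to a different address will not open.
func (p *cryptoProxy) Write(lba uint64, plaintext []byte) error {
	nonce := make([]byte, p.aead.NonceSize()) // fresh random nonce per write
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ad := []byte(fmt.Sprintf("lba:%d", lba))
	p.store[lba] = p.aead.Seal(nonce, nonce, plaintext, ad) // nonce || ciphertext || tag
	return nil
}

// Read decrypts on the way up to the host; a wrong key, a moved record or a
// tampered byte all fail authentication instead of returning garbage.
func (p *cryptoProxy) Read(lba uint64) ([]byte, error) {
	ns := p.aead.NonceSize()
	rec, ok := p.store[lba]
	if !ok || len(rec) < ns {
		return nil, fmt.Errorf("no valid record at block %d", lba)
	}
	ad := []byte(fmt.Sprintf("lba:%d", lba))
	return p.aead.Open(nil, rec[:ns], rec[ns:], ad)
}
```

Reading the rawStore directly (the "stolen tape" case) yields only nonce, ciphertext and tag; the key never reaches the storage side.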
U.S. Pat. No. 5,235,641 discloses a file encryption method and a file cryptographic system which encrypts and decrypts data in storage systems, while leaving the key-generation function at the host side.
U.S. Pat. No. 5,940,507 discloses an information processing system providing archive/backup support with privacy assurances by encrypting data stored by the system.
Information on DES (data encryption standard) can be found at DATA ENCRYPTION STANDARD (DES), Federal Information Processing Standards Publications (FIPS Pub 46-2), National Bureau of Standards, 1988, http://www.itl.nist.gov/fipspubs/fip46-2.htm.
Information on AES (advanced encryption standard) can be found at ADVANCED ENCRYPTION STANDARD (AES), Federal Information Processing Standards Publications (FIPS Pub 197), National Bureau of Standards, 2001, http://csrc.nist.gov/CryptoToolkit/aes/.
The entire disclosures of WO 0055750 A1; WO 2002093314 A2; U.S. Pat. No. 5,235,641; U.S. Pat. No. 5,940,507; and U.S. Pat. No. 6,684,209 B1 are hereby incorporated by reference.